1. Field of the Invention
The present invention relates to an improved data processing system and, in particular, to a method and apparatus for multicomputer data transferring. Still more particularly, the present invention provides a method and apparatus for distributed data storage and data transfer of user information.
2. Description of Related Art
The Internet has greatly facilitated the exchange of information for many purposes. Many applications have incorporated Internet-related standards, thereby enabling organizations to collaborate over the Internet while maintaining private networks. As Internet-connected applications have become more sophisticated, organizations have shown a desire to increase the level of collaboration, particularly within so-called federated environments.
In a federated environment, each user is typically registered in a home domain that provides certain fundamental services to a user. When a user logs into the user's home domain through some form of authentication process, the user is allowed to access secured resources that are supported by the home domain in accordance with the user's previously defined authorization attributes. In this manner, the user has a permanent relationship with the user's home domain.
In addition, the home domain may have a permanent relationship with many other domains in a federation or a federated environment, sometimes also called business-to-business (B2B) or e-community domains. A federation may or may not require explicit business relationships between pairwise sets of participating enterprises. Each domain or organization within a federated environment may share resources to some extent with users in other domains or organizations within the federated environment.
As users become more knowledgeable about the Internet, they expect enterprises to collaborate so that burdens on the user are reduced. These expectations also apply to management of informational characteristics about a user, sometimes referred to as user attributes. In some circumstances and under certain restrictions, a user might assume that once he or she has provided some user information to one computer system, the user information might be available throughout the user's current session without regard to the various computer boundaries that are sometimes invisible to the user. Enterprises generally try to fulfill these expectations in the operational characteristics of their deployed systems, not only to placate users but also to increase user efficiency, whether the user efficiency is related to employee productivity or customer satisfaction.
More specifically, with the current computing environment in which many applications use Web-based user interfaces that are accessible through a common browser, users expect more user-friendliness and low or infrequent barriers to movement from one Web-based application to another. In this context, users are coming to expect the ability to jump from interacting with an application on one Internet domain to another application on another domain with minimal regard to the information barriers between each particular domain. Even if many systems provide easy-to-use Web-based interfaces, though, a user may still be forced to reckon with multiple user information requests or requirements that stymie user movement across a set of domains. Subjecting a user to multiple information requests or requirements in a short time frame significantly affects the user's efficiency.
Most systems that manage user attributes were designed to work within a single enterprise rather than in a federated environment of organizations which are loosely coupled. Hence, the barriers that are presented by user information requests or requirements are becoming increasingly common as more organizations participate in federated computing environments.
As mentioned above, within a federated environment, a user that is a registered member of one organization can get access to a remote resource that is controlled by another organization; each organization is responsible for the administration of the organization's own registered users and resources, yet the computer systems of the federated organizations interoperate in some manner to share resources between registered members of the organizations. These systems have not offered significant user-level control over the extent to which user attributes are released to, or shared with, other organizations. However, privacy laws require that some organizations allow users to control the personally identifiable information that is released by an organization and to whom it is released. The demand for more privacy laws has increased as users have learned the ways in which private information can be abused.
Therefore, it would be advantageous to provide a method for user-level control over the storage, management, and distribution of user attributes within a federated environment while minimizing user inconvenience and/or information barriers between federated organizations.